ViewVC Help
View File | Revision Log | Show Annotations | View Changeset | Root Listing
root/svn/ircd-hybrid-8/src/rsa.c
Revision: 1156
Committed: Tue Aug 9 20:29:20 2011 UTC (12 years, 7 months ago) by michael
Content type: text/x-csrc
File size: 5507 byte(s)
Log Message:
- create ircd-hybrid-8 "branch"

File Contents

# Content
1 /*
2 * ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
3 * rsa.c: Functions for use with RSA public key cryptography.
4 *
5 * Copyright (C) 2002 by the past and present ircd coders, and others.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
20 * USA
21 *
22 * $Id$
23 */
24
25 #include "stdinc.h"
26
27 #include <openssl/pem.h>
28 #include <openssl/rand.h>
29 #include <openssl/rsa.h>
30 #include <openssl/bn.h>
31 #include <openssl/evp.h>
32 #include <openssl/err.h>
33 #include <openssl/opensslv.h>
34
35 #include "memory.h"
36 #include "rsa.h"
37 #include "s_conf.h"
38 #include "s_log.h"
39 #include "client.h" /* CIPHERKEYLEN .. eww */
40 #include "ircd.h" /* bio_spare_fd */
41
42
43 /*
44 * report_crypto_errors - Dump crypto error list to log
45 */
46 void
47 report_crypto_errors(void)
48 {
49 unsigned long e = 0;
50 unsigned long cnt = 0;
51
52 ERR_load_crypto_strings();
53
54 while ((cnt < 100) && (e = ERR_get_error()))
55 {
56 ilog(L_CRIT, "SSL error: %s", ERR_error_string(e, 0));
57 cnt++;
58 }
59 }
60
61 /*
62 * verify_private_key - reread private key and verify against inmem key
63 */
64 int
65 verify_private_key(void)
66 {
67 BIO *file;
68 RSA *key;
69 RSA *mkey;
70
71 /* If the rsa_private_key directive isn't found, error out. */
72 if (ServerInfo.rsa_private_key == NULL)
73 {
74 ilog(L_NOTICE, "rsa_private_key in serverinfo{} is not defined.");
75 return -1;
76 }
77
78 /* If rsa_private_key_file isn't available, error out. */
79 if (ServerInfo.rsa_private_key_file == NULL)
80 {
81 ilog(L_NOTICE, "Internal error: rsa_private_key_file isn't defined.");
82 return -1;
83 }
84
85 if (bio_spare_fd > -1)
86 close(bio_spare_fd);
87
88 file = BIO_new_file(ServerInfo.rsa_private_key_file, "r");
89
90 /*
91 * If BIO_new_file returned NULL (according to OpenSSL docs), then
92 * an error occurred.
93 */
94 if (file == NULL)
95 {
96 bio_spare_fd = save_spare_fd("SSL private key validation");
97 ilog(L_NOTICE, "Failed to open private key file - can't validate it");
98 return -1;
99 }
100
101 key = PEM_read_bio_RSAPrivateKey(file, NULL, 0, NULL);
102
103 if (key == NULL)
104 {
105 ilog(L_NOTICE, "PEM_read_bio_RSAPrivateKey() failed; possibly not RSA?");
106 report_crypto_errors();
107 return -1;
108 }
109
110 BIO_set_close(file, BIO_CLOSE);
111 BIO_free(file);
112 bio_spare_fd = save_spare_fd("SSL private key validation");
113
114 mkey = ServerInfo.rsa_private_key;
115
116 /*
117 * Compare the in-memory key to the key we just loaded above. If
118 * any of the portions don't match, then logically we have a different
119 * in-memory key vs. the one we just loaded. This is bad, mmmkay?
120 */
121 if (mkey->pad != key->pad)
122 ilog(L_CRIT, "Private key corrupted: pad %i != pad %i",
123 mkey->pad, key->pad);
124
125 if (mkey->version != key->version)
126 ilog(L_CRIT, "Private key corrupted: version %li != version %li",
127 mkey->version, key->version);
128
129 if (BN_cmp(mkey->n, key->n))
130 ilog(L_CRIT, "Private key corrupted: n differs");
131 if (BN_cmp(mkey->e, key->e))
132 ilog(L_CRIT, "Private key corrupted: e differs");
133 if (BN_cmp(mkey->d, key->d))
134 ilog(L_CRIT, "Private key corrupted: d differs");
135 if (BN_cmp(mkey->p, key->p))
136 ilog(L_CRIT, "Private key corrupted: p differs");
137 if (BN_cmp(mkey->q, key->q))
138 ilog(L_CRIT, "Private key corrupted: q differs");
139 if (BN_cmp(mkey->dmp1, key->dmp1))
140 ilog(L_CRIT, "Private key corrupted: dmp1 differs");
141 if (BN_cmp(mkey->dmq1, key->dmq1))
142 ilog(L_CRIT, "Private key corrupted: dmq1 differs");
143 if (BN_cmp(mkey->iqmp, key->iqmp))
144 ilog(L_CRIT, "Private key corrupted: iqmp differs");
145
146 RSA_free(key);
147 return 0;
148 }
149
150
151 static void
152 binary_to_hex(unsigned char *bin, char *hex, int length)
153 {
154 static const char trans[] = "0123456789ABCDEF";
155 int i;
156
157 for (i = 0; i < length; i++)
158 {
159 hex[i << 1] = trans[bin[i] >> 4];
160 hex[(i << 1) + 1] = trans[bin[i] & 0xf];
161 }
162
163 hex[i << 1] = '\0';
164 }
165
166 int
167 get_randomness(unsigned char *buf, int length)
168 {
169 /* Seed OpenSSL PRNG with EGD enthropy pool -kre */
170 if (ConfigFileEntry.use_egd &&
171 (ConfigFileEntry.egdpool_path != NULL))
172 {
173 if (RAND_egd(ConfigFileEntry.egdpool_path) == -1)
174 return -1;
175 }
176
177 if (RAND_status())
178 return (RAND_bytes(buf, length));
179 else /* XXX - abort? */
180 return (RAND_pseudo_bytes(buf, length));
181 }
182
183 int
184 generate_challenge(char **r_challenge, char **r_response, RSA *rsa)
185 {
186 unsigned char secret[32], *tmp;
187 unsigned long length;
188 int ret = -1;
189
190 if (!rsa)
191 return -1;
192 get_randomness(secret, 32);
193 *r_response = MyMalloc(65);
194 binary_to_hex(secret, *r_response, 32);
195
196 length = RSA_size(rsa);
197 tmp = MyMalloc(length);
198 ret = RSA_public_encrypt(32, secret, tmp, rsa, RSA_PKCS1_PADDING);
199
200 *r_challenge = MyMalloc((length << 1) + 1);
201 binary_to_hex( tmp, *r_challenge, length);
202 (*r_challenge)[length<<1] = 0;
203 MyFree(tmp);
204
205 if (ret < 0)
206 {
207 report_crypto_errors();
208 return -1;
209 }
210 return 0;
211 }

Properties

Name Value
svn:eol-style native
svn:keywords Id Revision